SENTRY-1142: Rebase on master (Ashish K Singh via Hao Hao)
Change-Id: If050cf5187021fc5a428f6e8cf8a3c405431d8b7
diff --git a/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java b/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java
index e5fc7ff..dcab5d5 100644
--- a/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java
+++ b/sentry-core/sentry-core-model-kafka/src/test/java/org/apache/sentry/core/model/kafka/TestKafkaAction.java
@@ -18,8 +18,6 @@
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
-import org.apache.sentry.core.model.kafka.KafkaActionConstant;
-import org.apache.sentry.core.model.kafka.KafkaActionFactory;
import org.apache.sentry.core.model.kafka.KafkaActionFactory.KafkaAction;
import org.junit.Test;
diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java
index 1da1193..7be4241 100644
--- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java
+++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaModelAuthorizables.java
@@ -22,7 +22,7 @@
import org.apache.sentry.core.model.kafka.KafkaAuthorizable.AuthorizableType;
import org.apache.sentry.core.model.kafka.Host;
import org.apache.sentry.core.model.kafka.Topic;
-import org.apache.sentry.provider.common.KeyValue;
+import org.apache.sentry.policy.common.KeyValue;
import org.apache.shiro.config.ConfigurationException;
public class KafkaModelAuthorizables {
diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java
index 5cdfd3f..7383e50 100644
--- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java
+++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaPrivilegeValidator.java
@@ -16,14 +16,13 @@
*/
package org.apache.sentry.policy.kafka;
-import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_SPLITTER;
-import static org.apache.sentry.provider.common.ProviderConstants.PRIVILEGE_PREFIX;
+import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.policy.common.PolicyConstants.PRIVILEGE_PREFIX;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import com.google.common.annotations.VisibleForTesting;
import org.apache.sentry.core.model.kafka.KafkaActionFactory;
import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
import org.apache.sentry.core.model.kafka.Host;
diff --git a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java
index 76aeb80..bc299b0 100644
--- a/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java
+++ b/sentry-policy/sentry-policy-kafka/src/main/java/org/apache/sentry/policy/kafka/KafkaWildcardPrivilege.java
@@ -16,7 +16,7 @@
*/
package org.apache.sentry.policy.kafka;
-import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_SPLITTER;
+import static org.apache.sentry.policy.common.PolicyConstants.AUTHORIZABLE_SPLITTER;
import java.util.List;
@@ -24,7 +24,7 @@
import org.apache.sentry.core.model.kafka.KafkaAuthorizable;
import org.apache.sentry.policy.common.Privilege;
import org.apache.sentry.policy.common.PrivilegeFactory;
-import org.apache.sentry.provider.common.KeyValue;
+import org.apache.sentry.policy.common.KeyValue;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java
index 47a053d..c4a2f7b 100644
--- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java
+++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/KafkaPolicyFileProviderBackend.java
@@ -21,7 +21,6 @@
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
-import org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine;
import org.apache.sentry.provider.file.SimpleFileProviderBackend;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java
index 6a18148..421466e 100644
--- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java
+++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaModelAuthorizables.java
@@ -75,7 +75,7 @@
@Test
public void testClusterResourceNameIsRestricted() throws Exception {
try {
- Cluster cluster1 = (Cluster) KafkaModelAuthorizables.from("Cluster=cluster1");
+ KafkaModelAuthorizables.from("Cluster=cluster1");
fail("Cluster with name other than " + Cluster.NAME + " must not have been created.");
} catch (ConfigurationException cex) {
assertEquals("Exception message is not as expected.", "Kafka's cluster resource can only have name " + Cluster.NAME, cex.getMessage());
diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java
index 8566984..bdef91c 100644
--- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java
+++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/TestKafkaWildcardPrivilege.java
@@ -19,14 +19,11 @@
package org.apache.sentry.policy.kafka;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
-import static org.apache.sentry.provider.common.ProviderConstants.AUTHORIZABLE_JOINER;
-import static org.apache.sentry.provider.common.ProviderConstants.KV_JOINER;
-import static org.apache.sentry.provider.common.ProviderConstants.KV_SEPARATOR;
import org.apache.sentry.core.model.kafka.KafkaActionConstant;
+import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.policy.common.Privilege;
-import org.apache.sentry.policy.kafka.KafkaWildcardPrivilege;
-import org.apache.sentry.provider.common.KeyValue;
+import org.apache.sentry.policy.common.KeyValue;
import org.junit.Test;
public class TestKafkaWildcardPrivilege {
@@ -58,11 +55,6 @@
private static final Privilege KAFKA_HOST1_GROUP1_WRITE =
create(new KeyValue("HOST", "host1"), new KeyValue("GROUP", "cgroup1"), new KeyValue("action", KafkaActionConstant.WRITE));
-
- private static final Privilege KAFKA_CLUSTER1_HOST1_ALL =
- create(new KeyValue("CLUSTER", "cluster1"), new KeyValue("HOST", "host1"), new KeyValue("action", KafkaActionConstant.ALL));
-
-
@Test
public void testSimpleAction() throws Exception {
//host
@@ -153,28 +145,28 @@
@Test(expected=IllegalArgumentException.class)
public void testEmptyKey() throws Exception {
- System.out.println(create(KV_JOINER.join("", "host1")));
+ System.out.println(create(PolicyConstants.KV_JOINER.join("", "host1")));
}
@Test(expected=IllegalArgumentException.class)
public void testEmptyValue() throws Exception {
- System.out.println(create(KV_JOINER.join("HOST", "")));
+ System.out.println(create(PolicyConstants.KV_JOINER.join("HOST", "")));
}
@Test(expected=IllegalArgumentException.class)
public void testEmptyPart() throws Exception {
- System.out.println(create(AUTHORIZABLE_JOINER.
- join(KV_JOINER.join("HOST", "host1"), "")));
+ System.out.println(create(PolicyConstants.AUTHORIZABLE_JOINER.
+ join(PolicyConstants.KV_JOINER.join("HOST", "host1"), "")));
}
@Test(expected=IllegalArgumentException.class)
public void testOnlySeperators() throws Exception {
- System.out.println(create(AUTHORIZABLE_JOINER.
- join(KV_SEPARATOR, KV_SEPARATOR, KV_SEPARATOR)));
+ System.out.println(create(PolicyConstants.AUTHORIZABLE_JOINER.
+ join(PolicyConstants.KV_SEPARATOR, PolicyConstants.KV_SEPARATOR, PolicyConstants.KV_SEPARATOR)));
}
static KafkaWildcardPrivilege create(KeyValue... keyValues) {
- return create(AUTHORIZABLE_JOINER.join(keyValues));
+ return create(PolicyConstants.AUTHORIZABLE_JOINER.join(keyValues));
}
static KafkaWildcardPrivilege create(String s) {
diff --git a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java
index dc7ade2..386d2d5 100644
--- a/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java
+++ b/sentry-policy/sentry-policy-kafka/src/test/java/org/apache/sentry/policy/kafka/provider/TestKafkaAuthorizationProviderGeneralCases.java
@@ -166,38 +166,44 @@
@Test
public void testConsumer() throws Exception {
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(CONSUMER0, Arrays.asList(host, topic1),
Sets.newHashSet(action), READ.equals(action));
+ }
}
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(CONSUMER1, Arrays.asList(host, topic1),
Sets.newHashSet(action), HOST_1.equals(host) && READ.equals(action));
+ }
}
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(CONSUMER2, Arrays.asList(host, topic2),
Sets.newHashSet(action), HOST_2.equals(host) && READ.equals(action));
+ }
}
}
@Test
public void testProducer() throws Exception {
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(PRODUCER0, Arrays.asList(host, topic1),
Sets.newHashSet(action), WRITE.equals(action));
+ }
}
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(PRODUCER1, Arrays.asList(host, topic1),
Sets.newHashSet(action), HOST_1.equals(host) && WRITE.equals(action));
+ }
}
for (KafkaAction action : allActions) {
- for (Host host : Sets.newHashSet(HOST_1, HOST_2))
+ for (Host host : Sets.newHashSet(HOST_1, HOST_2)) {
doTestResourceAuthorizationProvider(PRODUCER2, Arrays.asList(host, topic2),
Sets.newHashSet(action), HOST_2.equals(host) && WRITE.equals(action));
+ }
}
}
diff --git a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java
index a5cd3da..e800830 100644
--- a/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java
+++ b/sentry-tests/sentry-tests-kafka/src/test/java/org/apache/sentry/tests/e2e/kafka/TestAuthorize.java
@@ -197,8 +197,9 @@
@Override
public Boolean call() throws Exception {
ConsumerRecords<String, String> records = kafkaConsumer.poll(1000);
- if (records.isEmpty())
+ if (records.isEmpty()) {
LOGGER.debug("No record received from consumer.");
+ }
for (ConsumerRecord<String, String> record : records) {
if (record.value().equals(msg)) {
LOGGER.debug("Received message: " + record);
@@ -294,4 +295,4 @@
}
}
}
-}
\ No newline at end of file
+}
diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks
new file mode 100644
index 0000000..60bb91a
--- /dev/null
+++ b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.keystore.jks
Binary files differ
diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks
new file mode 100644
index 0000000..a59dab2
--- /dev/null
+++ b/sentry-tests/sentry-tests-kafka/src/test/resources/user1.truststore.jks
Binary files differ
diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks
new file mode 100644
index 0000000..beeff4c
--- /dev/null
+++ b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.keystore.jks
Binary files differ
diff --git a/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks
new file mode 100644
index 0000000..067677d
--- /dev/null
+++ b/sentry-tests/sentry-tests-kafka/src/test/resources/user2.truststore.jks
Binary files differ